top of page

Privacy Policy

Last updated on July, 10th 2025

PREAMBLE

 

This OSKEY Privacy Policy describes how and why we may access, collect, process, store, use and/or share your personal data when you use our services, including when you:

 

- Visit our website www.oskey.io;

- Download and use our OSKEY mobile application, or any other application that links to this privacy policy;

- Use our digital management interface to simplify and centralise the management of user access to the OSKEY service (hereinafter Oskey Management Portal).

- Use our secure solution for managing personalised access authorisations to properties and/or buildings via the Oskey Management Portal and the Oskey Application (hereinafter OSKEY Service). 

 

 

Questions or concerns?

 

We know that data protection and privacy is an issue for all users of the OSKEY Service. As part of this service, we are responsible for making decisions about how your personal data is processed. 

Reading this privacy statement will show you OSKEY's commitment to protecting your personal data and will help you understand your rights and choices in this area.

If you do not agree with our policies and practices, please do not use our services. If you have any questions, please contact us at privacy@oskey.io.

 

 

Summary of key points

 

This summary sets out the key points of our privacy policy, but you can find out more about each of these topics by using our table of contents below to find the section you are looking for.

 

 

Do we process sensitive personal data?

 

Certain data may be considered ‘sensitive’ by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation (GDPR)). We may process sensitive personal data where necessary, with your consent, or where permitted by applicable law.

 

 

Do we collect personal data from third parties?

 

We may collect personal data from public databases or when using services and browsing accounts (Google, Apple, Microsoft, etc.). 

We also collect personal data from any legal entity or individual who has signed a subscription contract with Oskey. 

 

 

Why do we process your personal data? 

 

We process your personal data to provide, improve and administer our services, to communicate with you, for security and fraud prevention purposes and to comply with the law. We may also process your personal data for other purposes (managing your access to certain Oskey services, creating your personal space, sending newsletters, solicitations and promotional messages, etc.) with your consent. We only process your personal data when we have a valid legal reason to do so.

 

 

In which situations and with which parties do we share your personal data?

We may share personal data in specific situations and with specific third parties.

 

 

How do we ensure the security of your personal data? 

 

We have put in place appropriate organisational and technical processes and procedures to protect your personal data.

Although we implement robust security measures to protect your data, it is important to understand that no method of sharing or storing data online can offer 100% protection.

 

 

What are your rights? 

 

In accordance with the RGPD and law no. 78-17 of 6 January 1978, you have the right to access, rectify and delete your personal data. 

 

 

How can you exercise your rights? 

 

The simplest way to exercise your rights is to submit a request for access to your personal data. We will examine any request and act on it in accordance with the applicable laws on the protection of personal data.

 

Would you like to know more about what we do with the personal data we collect? 

 

Consult the full confidentiality charter.

TABLE OF CONTENTS

 

1. WHAT PERSONAL DATA DO WE COLLECT?2. WHY DO WE PROCESS YOUR PERSONAL DATA?

3. WHAT ARE THE LEGAL BASES ON WHICH WE PROCESS YOUR PERSONAL DATA? 

4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL DATA?

5. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

6. HOW DO WE MANAGE YOUR SOCIAL IDENTIFIERS?

7. HOW LONG DO WE KEEP YOUR PERSONAL DATA?

8. HOW DO WE ENSURE THE SECURITY OF YOUR PERSONAL DATA?

9. WHAT ARE YOUR RIGHTS?

10. CONTROL OF DO-NOT-TRACK FUNCTIONS 

11. DO WE UPDATE THIS CHARTER?

12. HOW CAN YOU CONTACT US ABOUT THIS CHARTER?

1. WHAT DATA DO WE COLLECT? 

 

We collect the personal and non-personal data that you voluntarily provide to us when you register on our services, when you request information about us or our products and services, or when you contact us.

The personal and non-personal data we collect depends on the context of your interactions with us and our services, the choices you make and the products and features you use. The personal data we collect includes the following:

1. QUELLES SONT LES DONNÉES QUE NOUS RECUEILLONS ? 
Finalité
Catégorie de personne concernée
Catégorie de données personnelles
Catégorie de personnel ayant accès aux données à caractère personnel
Base légale
Durée de conservation
Created Date
Identity and Communication Management
PGO and Mobile Application Users
Birth name and/or common name, first name, email address, address, phone number, account data, search data, device identifier.
Technical Staff in Charge of Oskey Solutions Support
Contract Execution and Legitimate Interests*
3 months from the user's request for termination and deletion.
26/03/2025
Profile Picture Management
Mobile Application Users
Personal Photos
Technical Staff in Charge of Oskey Solution Support
Consent
Up to 3 months from the User's request for termination and deletion. Or: 5 years from the User Account termination request, or from the last use of Oskey services, in case of User Account inactivity.
26/03/2025
Authentication and Security
Mobile Application Users
Contact or Authentication Data (Email, identifier, phone number, etc.)
Technical Personnel in Charge of Oskey Solution Support
Contract Execution
Up to 3 months from the User's request for termination and deletion. Or: 5 years from the User Account termination request, or from the last use of Oskey services, in case of User Account inactivity.
26/03/2025
Login via Account
Mobile Application Users
Connection Data
Personnel technique en charge du support des solutions Oskey
Consent and Legitimate Interests*
Up to 3 months from the User's request for termination and deletion. Or: 5 years from the User Account termination request, or from the last use of Oskey services, in case of User Account inactivity.
26/03/2025
Access to Mobile Device Functions
Mobile Application Users
Bluetooth, Contacts, Camera, Microphone
Technical Staff in Charge of Oskey Solutions Support
Consent
Duration of Use Necessary for the Requested Service
26/03/2025
Mobile Device Technical Data
Portal Management (PGO) and Mobile Application Users
Identifiers, Password, Connection Data, IP Address, Device Identifiers, Operating System
Technical Personnel Responsible for Oskey Solutions Support
Legitimate Interests**
Up to 3 months from the User's request for termination and deletion. Or: 5 years from the User Account termination request, or from the last use of Oskey services, in case of User Account inactivity.
26/03/2025
Push Notifications
PGO and Mobile Application Users
Push Notification Delivery Data
Technical Personnel in Charge of Oskey Solutions Support
Contract Execution, Consent, and Legitimate Interests*
Session
26/03/2025
Visitor Authentication and Security
Visitors
images
Mobile Application Users
Legitimate Interest (Securing building access, preventing intrusions, managing personalized access; without continuous surveillance, only during an attempted access.)
Up to 30 days maximum
11/07/2025

These data are primarily necessary to maintain the security and operation of our applications, for maintenance, and for internal analysis and reporting purposes.

 2. LES FINALITÉS DU TRAITEMENT DE VOS DONNÉES À CARACTÈRE PERSONNEL ?
3. SUR QUELLES BASES LÉGALES NOUS APPUYONS-NOUS POUR TRAITER VOS DONNÉES À CARACTÈRE PERSONNEL ?
4. QUAND ET AVEC QUI PARTAGEONS-NOUS VOS DONNÉES À CARACTÈRE PERSONNEL ?
5. UTILISONS-NOUS DES COOKIES ET D'AUTRES TECHNOLOGIES DE SUIVI ?

​​​2. THE PURPOSES OF PROCESSING YOUR PERSONAL DATA?

We process your personal data for various reasons, depending on how you interact with our services, including:

  • Facilitating the creation and authentication of accounts and managing user accounts. We may process your personal data to enable you to create your account and log in easily and securely.

  • Facilitating the provision of services to the user. We may process your personal data to provide you with the requested service.

  • Responding to user requests and providing assistance. We may process your personal data to respond to your requests and resolve any potential issues you may encounter.

  • Enabling communication between users. We may process your personal data if you choose to use one of our offers that allows you to communicate with another user, including through access invitations to your building.

  • We may process your personal data when necessary to contact you about your use of our services.

  • We may process your personal data as part of our efforts to ensure the security of our services, including monitoring and preventing fraud.

  • We may process your personal data to better understand how you use our services and to improve them.

3. ON WHAT LEGAL BASIS DO WE RELY TO PROCESS YOUR PERSONAL DATA?

We only process your personal data when we believe it is necessary and we have a legitimate interest in doing so under Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), for example:

  • We may process your personal data for the purposes indicated in the table above if you have given us your consent to use them. You can withdraw your consent at any time.

  • We may process your personal data when necessary to fulfill our contractual obligations to you, including the provision of our services, or to respond to your requests before entering into a contract.

  • We may process your personal data when we believe it is reasonably necessary to achieve our legitimate business interests and that these interests do not override your interests and rights. For example, we may process your personal data to:

    • Evaluate the use of our services to optimize them and increase user loyalty.

    • Diagnose problems and/or prevent fraudulent activities.

    • Understand how our users use our products and services to improve the user experience, etc.

  • We may need to process your personal data when necessary to comply with our legal obligations. This may include cooperating with regulatory or supervisory authorities, protecting or exercising our legal rights, or disclosing your data as evidence in legal proceedings in which we are involved.

 

4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL DATA?

We may share your data with service providers, subcontractors, or third parties who perform services for us and require access to this data to fulfill their mission. We have established contracts with these third parties to ensure the protection of your personal data. This means they can only use your personal data as instructed by us. They will also not share your personal data with any other organization or for their own purposes. They are committed to protecting the data they hold on our behalf and to retaining it for the period we have specified.

The third parties with whom we may share your personal data are as follows:

  • User login to third-party accounts: Google Account, Apple Account

  • Cloud computing services: Google Cloud Platform

  • Communication and exchange with users: Mailtrap, Octopush, Crisp

  • Optimization of features and infrastructure: Cloud Functions for Firebase, Cloud Firestore, Cloud Storage for Firebase, Firebase Hosting

  • User account registration and authentication: Google Sign-In, Apple Sign-in, Google Identity

  • Web and mobile analytics: Google Analytics for Firebase, PostHog

  • Website hosting: Wix

  • Website performance monitoring: Firebase Crash Reporting, Firebase Performance Monitoring

We may also share your personal data in the following situations:

  • Asset transfer: In the event of a merger, acquisition, or transfer of assets, we may share or transfer certain data. In all cases, this data remains subject to the same protection rules.

  • Use of Google Maps APIs: To provide you with the best possible service, we may share data through Google Maps APIs (e.g., Google Maps API, Places API) and with your consent. Google Maps uses GPS, Wi-Fi, and cell tower signals to estimate your position. GPS is accurate to about 20 meters, while Wi-Fi and cell towers improve accuracy when GPS signals are weak, such as inside buildings. This data allows Google Maps to provide directions, but it is not always perfectly accurate.

  • Other users: When you share personal data (e.g., by posting comments or other content on our services) or interact with public spaces on our services, this data may be viewed by all users and made publicly accessible outside of our services permanently.

5. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

We may use cookies and similar tracking technologies (such as web beacons) to collect data when you interact with our services. Some online tracking technologies help us maintain the security of our services and your account, prevent failures, fix bugs, record your preferences, and help you use the basic functions of the site.

In some cases, we may allow third parties and service providers to use online tracking technologies on our services for analysis and advertising purposes.

Specific information on how we use these technologies and how you can opt out of certain cookies is provided in our cookie policy.

We may share your personal data with Google Analytics to track and analyze the use of our services. To opt out of being tracked by Google Analytics across all Services, visit https://tools.google.com/dlpage/gaoptout. For more information about Google's privacy practices, please visit the Google Privacy & Terms page.

6. HOW DO WE HANDLE YOUR LOGIN IDENTIFIERS VIA ACCOUNTS (GOOGLE, APPLE, MICROSOFT…)?

Our services offer you the possibility to log in using the identifiers of your accounts (Google, Apple, Microsoft…). If you choose to do so, we receive certain profile information about you from your provider. The profile information we receive may vary depending on the provider but often includes your name, email address, friend list, profile photo, and other information you choose to make public.

We only use the data we receive for the purposes described in this privacy policy. Please note that we do not control and are not responsible for other uses of your personal data by your provider. We recommend that you consult their privacy policy to understand how they collect, use, and share your personal data, and how you can set your privacy preferences on their sites and applications.

7. HOW LONG DO WE RETAIN YOUR PERSONAL DATA?

We will only retain your personal data for a period of 3 months from the date of the user's termination request with deletion and 5 years from the end of the contractual relationship, unless a longer retention period is required or permitted by law (e.g., for tax, accounting, or other legal obligations, etc.).

When we no longer have a legitimate need to process your personal data, we will delete it or make it anonymous, or, if this is not possible, we will securely store it and isolate it from any further processing until deletion is possible.

8. HOW DO WE ENSURE THE SECURITY OF YOUR PERSONAL DATA?

We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of all your personal data that we process. However, despite our protection measures and efforts to secure your personal data, no data transmission over the internet or storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to bypass our security and inappropriately collect, access, steal, or modify your data.

It is essential that you access our services from a secure environment. If this is not the case, the transmission of your personal data to or from our services is at your own risk.

9. WHAT ARE YOUR RIGHTS?

In certain regions, such as the European Economic Area (EEA), the United Kingdom, and Switzerland, you have specific rights under the General Data Protection Regulation (GDPR), including the following rights regarding your personal data:

  • Right of access (Article 15 GDPR): You can access your personal data that we hold about you at any time.

  • Right to rectification (Article 16 GDPR) and right to erasure (Article 17 GDPR): You can request the modification or deletion of your personal data.

  • Right to restriction of processing (Article 18 GDPR): You can request the restriction of the processing of your data.

  • Right to data portability (Article 20 GDPR): You can retrieve your personal data to use it or transmit it to a third party, provided it has been processed automatically with your consent or as part of a contract.

  • Right to object (Article 21 GDPR): You can object to the processing of your data, including for direct marketing purposes or in cases of legitimate interest.

  • Right to define the fate of your data after your death (Article 19 GDPR): You can indicate how you wish your data to be managed after your death.

  • Complaint: You have the right to lodge a complaint with the supervisory authority, notably the CNIL. For more information about your rights, visit the CNIL website.

Upon your request to terminate your account, we will deactivate or delete your account and your personal data from our active databases within the timeframes mentioned above. However, we may retain certain data in our files to prevent fraud, resolve issues, assist with investigations, enforce our legal terms, and/or comply with applicable legal requirements.

We may continue to process your data if we have legitimate reasons and if it is necessary to protect, exercise, or defend our legal rights.

To exercise any of these rights, please contact us at the following address: privacy@oskey.io. We commit to processing your request within 30 days.

10. DO-NOT-TRACK CONTROLS

Most web browsers and some mobile operating systems and applications include a "Do-Not-Track" ("DNT") feature or setting that you can enable to signal your privacy preference that data related to your online browsing activities should not be monitored and collected.

At this stage, no uniform technological standard for recognizing and implementing DNT signals has been finalized. Therefore, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If an online tracking standard is adopted and we are required to comply with it in the future, we will inform you of this practice in an updated version.

 

11. DO WE MAKE UPDATES TO THIS PRIVACY POLICY?

We may update this privacy policy from time to time. The updated version will be indicated by an updated date at the top of this privacy policy. If we make significant changes to this privacy policy, we may notify you directly. We encourage you to review this privacy policy regularly to stay informed about how we protect your personal data.

This privacy policy is subject to French law and will be interpreted in accordance with it. In case of dispute, only the French version of this document will be authoritative before the competent courts.

12. HOW CAN YOU CONTACT US ABOUT THIS POLICY?

 

If you have any questions or comments about this privacy policy, you can contact the data protection officer by email at contact@oskey.io or by mail at the following address:

Oskey 43 RUE DE LIÈGE PARIS 75008 France

8. COMMENT ASSURONS-NOUS LA SÉCURITÉ DE VOS DONNÉES À CARACTÈRE PERSONNEL ?
7. COMBIEN DE TEMPS CONSERVONS-NOUS VOS DONNÉES À CARACTÈRE PERSONNEL ?
6. COMMENT TRAITONS-NOUS VOS IDENTIFIANTS DE CONNEXION VIA LES COMPTES (GOOGLE, APPLE, MICROSOFT…) ?
9. QUELS SONT VOS DROITS ?
​ 10. CONTRÔLES DES FONCTIONS « NE PAS SUIVRE » (DO-NOT-TRACK)
11. FAISONS-NOUS DES MISES À JOUR DE CETTE CHARTE DE CONFIDENTIALITÉ ?
12. COMMENT POUVEZ-VOUS NOUS CONTACTER AU SUJET DE CETTE CHARTE ?
bottom of page